The SAML message InResponseTo _92a323b9-b6c3-4db8-8422-98742401c5d5 doesn't match the expected InResponseTo _714aa220-8ede-426d-9a69-add4dd8186e6.

satyamDas · January 10, 2022, 5:55am

Hi,

We are using a Licensed version 3.6 of component space.
The SSO is working perfectly with IDP’s, but with one of the IDP I am getting the above error saying "

The SAML message InResponseTo _92a323b9-b6c3-4db8-8422-98742401c5d5 doesn’t match the expected InResponseTo _714aa220-8ede-426d-9a69-add4dd8186e6. at ComponentSpace.Saml2.SamlProvider.CheckPendingResponseState(String inResponseTo)
   at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement, String relayState)
   at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()
   at LRM.Controllers.SSOSamlController.AssertionConsumerService(Guid id) in /tmp/backendbuild/LRM/Web/LRM/Controllers/SSOSamlController.cs:line 102
 The SSO is initiated only once which I verified from the logs, and this is not happening with any other IDP, but only with this particular IDP, can’t seem to find the issue.Have seen other post to use the flag “DisableInResponsetoCheck”, but I am not willing to use, as it is not the recommended solution.Kindly Help with the issue.

ComponentSpace · January 10, 2022, 1:47pm

This typically results from multiple SAML authn requests being sent to the IdP. However, if there’s only one authn request in the log, I’m not sure what the issue would be.

Please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com.

https://www.componentspace.com/forums/7936/Enabling-SAML-Trace

I’d like to see the application start-up through to the issue you’re seeing.

Thanks.